“Scam emails such as this one can appear very convincing and customers should take care with any email that requests them to click a link,” the company has advised.

“EnergyAustralia’s electronic bills to residential customers are sent from noreply@billing.energyaustraliaonline.com.au. If you receive an email from a different address that says it relates to your EnergyAustralia bill, please do not open it or click any links it contains.”

About the hoax invoice

Different dates and payment amounts are used on each version, a practice known as content spinning. This means an invoice with an August due date might not look suspicious on the surface.

The ‘view bill’ button links to a .zip file containing malicious JavaScript. It appears the aim of the malicious payload is to:

Delay analysis by stalling for a long period of time.

Steal private information from local Internet browsers.

Install itself for autorun at Windows startup.
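As an added defender-side example (not MailGuard's code or anything from the original post), the following Python triage routine applies the two checks this advisory gives a reader: the sender address is compared with the legitimate noreply@billing.energyaustraliaonline.com.au, and any "view bill" link that points at a .zip (or .js) file is flagged. The sample messages, the .example domains and the RISKY_EXTENSIONS list are constructed assumptions, not captures from the campaign.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Legitimate bill sender named in the advisory above; any other address that
# claims to carry an EnergyAustralia bill is treated as suspect.
LEGIT_SENDER = "noreply@billing.energyaustraliaonline.com.au"
BRAND_TERMS = ("energyaustralia", "energy australia")
# Assumption: a "view bill" link ending in an archive or script extension
# (the hoax used a .zip holding JavaScript) is never legitimate.
RISKY_EXTENSIONS = (".zip", ".js")
HREF_RE = re.compile(r'href=["\']([^"\']+)["\']', re.IGNORECASE)


def triage(raw_message: str) -> dict:
    # The From check complements SPF/DKIM/DMARC rather than replacing them: a
    # forged message can still show the real address, so links are checked too.
    msg = message_from_string(raw_message, policy=policy.default)
    _, sender = parseaddr(str(msg.get("From", "")))
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part is not None else ""
    text = (str(msg.get("Subject", "")) + " " + body).lower()
    claims_brand = any(term in text for term in BRAND_TERMS)
    sender_mismatch = sender.lower() != LEGIT_SENDER
    risky_links = [u for u in HREF_RE.findall(body)
                   if urlparse(u).path.lower().endswith(RISKY_EXTENSIONS)]
    quarantine = claims_brand and (sender_mismatch or bool(risky_links))
    return {"sender": sender, "claims_brand": claims_brand,
            "sender_mismatch": sender_mismatch, "risky_links": risky_links,
            "verdict": "quarantine" if quarantine else "deliver"}


# Constructed sample modelled on the hoax described above (not a real capture).
SAMPLE_HOAX = """\
From: EnergyAustralia <billing@energy-australia-invoices.example>
Subject: Your EnergyAustralia bill is ready
Content-Type: text/html; charset="utf-8"

<p>Your electricity bill of $218.40 is due 14 August.</p>
<p><a href="http://cdn.example/invoices/bill_4471.zip">View bill</a></p>
"""

# Constructed sample from the legitimate sender (the portal URL is made up).
SAMPLE_LEGIT = """\
From: EnergyAustralia <noreply@billing.energyaustraliaonline.com.au>
Subject: Your EnergyAustralia bill is ready
Content-Type: text/html; charset="utf-8"

<p><a href="https://myaccount.example/bills/4471">View bill</a></p>
"""
```

Display-name spoofing ("EnergyAustralia <someone@else>") is caught because parseaddr compares the actual address, not the friendly name.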

It was intercepted before hitting the inboxes of any MailGuard customer.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web security to your business security. You’ll significantly reduce the risk of new variants of malicious email entering your network.